156-915.71 Check Point Certified Security Expert R71 Update

Page 1   
Question 1

A customer is calling saying one member's status is Down. What will you check?

  • A. cphaprob list (verify what critical device is down)
  • B. Fw ctl debug –m cluster + forward (forwarding layer debug)
  • C. tcpdump/snoop (CCP traffic)
  • D. fw ctl pstat (check sync)


Answer : A

Question 2

Which of the following is NOT an Smartevent event-triggered Automatic Reaction?

  • A. Mail
  • B. Block Access
  • C. External Script
  • D. SNMP Trap


Answer : B

Question 3

The following graphic illustrates which command being issued a Secure Platform?


  • A. fwsecurexl stats
  • B. fwaccel stats
  • C. fw accel stats
  • D. fw securexl stats


Answer : C

Question 4

When synchronizing clusters, which of the following statements is NOT true?

  • A. Client Auth or Session Auth connections through a cluster member will be lost if the cluster member fails.
  • B. The stare of connection using resources is maintained by a Security Server, so there connections cannot be synchronized.
  • C. Only cluster members running on me same OS platform can be synchronized.
  • D. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.


Answer : D

Question 5

With Smart Event what is the Analyzer function?

  • A. Analyze log entries, looking for event Policy patterns.
  • B. Generate a threat analysis report from the Analyzer database
  • C. Display received threats and tune the Events Policy.
  • D. Assign severity levels to events


Answer : A

Question 6

Which of the following is NOT accelerated by SecureXL?

  • A. FTP
  • B. HTTPS
  • C. TELNET
  • D. SSH


Answer : B

Question 7

You are using tracelogger to debug SSL VPN's server side and obtain a textual traffic
dump which type of traffic wills you NOT see in the output?

  • A. Traffic outbound from the internal networks
  • B. Traffic to the portal
  • C. Traffic outbound to the external networks
  • D. Traffic inbound from the external networks


Answer : B

Question 8

In configure a client to property log in to the user portal using a certificate, the Administrator
MUST:

  • A. Create an internal user in the admin portal.
  • B. Install an R71 internal Certificate Authority certificate.
  • C. Create a client certificate from Smart Dashboard
  • D. Store the client certificate on the SSL VPN Gateway


Answer : C

Question 9

Laura notices the Microsoft Visual Basic Kill Bits Protection is set to inactive. She wants to
set the Microsoft Visual Basic Kill Bits Protection and all other Performance Impact
Protections to Prevent. She asks her manager for approval and he started she can turn
these on. But he wants Laura to make sure High Performance Impacted Protections are
turned on while changing this setting. Using the output below, how would Laura Change
the Default_Protection on Performance Impact Protections classified as Low from inactive
to Prevent still meeting her other criteria?


  • A. Go to Profiles / Default_Protection and uncheck Do not activate protections with performance impact to Medium or Above
  • B. Go to Profiles / Default_Protection and select Do not activate protections with performance impact to Low or Above
  • C. Go to Profiles / Default_Protection and select Do not activate protections with performance impact to Medium or Above
  • D. Go to Profiles / Default_Protection and select Do not activate protections with performance impact to High or Above


Answer : C

Question 10

Which SmartEvent, what is the Correlation Unit's function?

  • A. Invoke and define automatic reactions and add events to the database
  • B. Assign seventy levels to events
  • C. Display received threats and tune the Events Policy
  • D. Analyze log entries, looking for Event Policy patterns


Answer : D

Question 11

When deploying dedicated DLP Gateway behind a perimeter firewall on an interface
leading to the internal network (there is only one internal network):

  • A. The DLP Gateway can inspect SMTP traffic if a MS Exchange server is located on the internal network, and it either sends e-mail directly to the internal using SMTP or sends e- mail to the internal in SMTP via a mail relay that is located on the perimeters firewall DMZ network.
  • B. The DLP Gateway can inspect internal e-mail (e-mail between two users on the internal network) if the organizations internal mail server is located in the internal in the internal network and users are configured to send e-mail to this mail server using SMTP.
  • C. User’s HTTPS and FTP traffic can be inspected by the R71 DLP Gateway.
  • D. The DLP Gateway can inspect e-mail (e-mail between two users on the internal network) if the organizations internal mail server is located on the another network (not the internal network; for instance the DMZ or a different internal network) add users are configured to send e-mail to this mail server using SMTP.


Answer : D

Question 12

In the following command LSMcli [-d] <server> <pswd> <action> "server" should be
replaced with

  • A. Hostname of ROBO gateway
  • B. Hostname DAP device
  • C. IP address of theSecurity Management server
  • D. GUclient


Answer : C

Question 13

You are using tracelogger to debug SSL VPNs server and obtain a textual traffic dump.
Which type of traffic will you not see in output?

  • A. Traffic outbound from internal networks
  • B. Traffic to the portal
  • C. Traffic outbound to external networks
  • D. Traffic inbound from external networks


Answer : B

Question 14

You use the snapshot feature to store your Connectra SSL VPN configuration. What do
you expect to find?

  • A. Nothing: snapshot is not supported in Connectra SSL VPN
  • B. The management configuration of the current product, an a management or stand-alone machine
  • C. A complete image of the local file system
  • D. Specified directories of the local file system


Answer : C

Question 15

David is the multicorp security manager and approves the proposals submitted by the
security administrator Peter. One day, David believes he has detected vulnerability in the
security policy. He submits a change proposal and tries to approve his own submission.
The system does not allow him to perform this procedure.


What is reason of this behavior?

  • A. The company does not allow David to submit and also approve the same poln (instead of Submit and Approve).
  • B. The company does not allow David to submit and approve the same submitted sessions in Global Properties was set to on
  • C. The company does not allow David to submit and approve the same policy cfi submitted sessions in the Smart Workflow section of the Firewall object properties was set to on
  • D. The proposal contains some logical contradictions. The Check Point does not permit this change to be carried out.


Answer : D

Page 1